search

code-423n4 / 2021-09-wildcredit-findings

0 stars 0 forks source link

Missing zero-address checks #54

Open code423n4 opened 3 years ago

code423n4 commented 3 years ago

Handle

0xRajeev

Vulnerability details

Impact

While zero-address checks are a best-practice, this is missing in a few places.

Proof of Concept

https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/UniswapV3Oracle.sol#L43

https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/UniswapV3Oracle.sol#L70

https://github.com/code-423n4/2021-09-wildcredit/blob/c48235289a25b2134bb16530185483e8c85507f8/contracts/PairFactory.sol#L39-L42

Tools Used

Manual Analysis

Recommended Mitigation Steps

Add zero-address checks.

talegift commented 3 years ago

As per the pre the judge's comment on the same issue from the previous audit.

This requires user error so non-critical.

https://github.com/code-423n4/2021-07-wildcredit-findings/issues/108#issuecomment-890587742

ghoul-sol commented 3 years ago

This is best practice recommendation. Non-critical.